[Dovecot] Dovecot, Postfix and SMTP AUTH....

[Bartosz Toczek]

Hello.

I've notice a problem with SMTP AUTH in postfix with dovecot. My 
configuration is based on Postgresql. I've created a function in 
postgresql which returns password and username and attached it to 
password_query. Query looks like this

password_query = SELECT username_out as username, password_out as 
password FROM get_password(lower('%n'),lower('%d'));

Problem is when get_password returns something like this...

vmail=# SELECT username_out as username, password_out  FROM 
get_password(lower(''),lower(''));
LOG:  statement: SELECT username_out as username, password_out  FROM 
get_password(lower(''),lower(''));
LOG:  duration: 2.342 ms  statement: SELECT username_out as username, 
password_out  FROM get_password(lower(''),lower(''));
 username | password_out
----------+--------------
          |
(1 row)


It returns 1 empty row....

When this is attached to postfix with smtp auth with such configuration

# SMTP AUTH
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

my serwer starts to be open relay...

I now that it returns empty string for username and password... so where 
is the password checked... if I dont send password as a parameter to my 
function.

Definition of the function looks like this:

CREATE FUNCTION get_password("login" character varying, "domain" 
character varying, OUT username_out character varying, OUT password_out 
character varying) RETURNS record

Can you help with that...

BT



----------------------------------------------------------------------
Zrob numer kumplom >> http://link.interia.pl/f1a5d